build(deps): bump the actions-deps group across 1 directory with 8 updates

[dependabot]

Bumps the actions-deps group with 8 updates in the / directory:

Package	From	To
microsoft/setup-msbuild	2.0.0	3.0.0
actions/cache	5.0.4	5.0.5
actions/upload-artifact	7.0.0	7.0.1
rust-lang/crates-io-auth-action	1.0.3	1.0.4
actions/upload-pages-artifact	4.0.0	5.0.0
actions/deploy-pages	4.0.5	5.0.0
PyO3/maturin-action	1.50.1	1.51.0
pypa/gh-action-pypi-publish	1.13.0	1.14.0

Updates microsoft/setup-msbuild from 2.0.0 to 3.0.0

Release notes

Sourced from microsoft/setup-msbuild's releases.

v3 Update to move to Node24

What's Changed

• Fix small typo in README.md by @​GeckoEidechse in microsoft/setup-msbuild#129
• Update to Node24 by @​timheuer in microsoft/setup-msbuild#145

New Contributors

• @​GeckoEidechse made their first contribution in microsoft/setup-msbuild#129

Full Changelog: microsoft/setup-msbuild@v2...v3

v1.0.0 Release

This is the initial release of the microsoft/setup-msbuild GitHub Action. Use this task if needing to ensure you have msbuild.exe in the PATH for subsequent action tasks, like building .NET Framework applications.

Special thanks to @​warrenbuckley for inspiration on this!

Commits

• 30375c6 Merge updates to move to node24
• 53bd3e0 Merge branch 'timheuer/node24' of https://github.com/microsoft/setup-msbuild ...
• 4031508 fix: move to node24
• dfc05cc feat: enhance MSBuild setup summary in workflow 🛠️
• f62e96d fix: change test workflow for arch
• c77b6bc fix: move to node24
• 767f00a [skip ci] Merge pull request #129 from GeckoEidechse/fix/readme-typo
• 442baeb Fix small typo in README.md
• 70b7034 Update README.md [skip ci]
• 31e0ba2 Update README examples [skip ci]
• See full diff in compare view

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in actions/cache#1747

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 27d5ce7 Merge pull request #1747 from actions/yacaovsnc/update-dependency
• f280785 licensed changes
• 619aeb1 npm run build generated dist files
• bcf16c2 Update ts-http-runtime to 0.3.5
• See full diff in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Updates rust-lang/crates-io-auth-action from 1.0.3 to 1.0.4

Release notes

Sourced from rust-lang/crates-io-auth-action's releases.

v1.0.4

What's Changed

• Update Renovate GitHub Action digest pinning configuration by @​marcoieni in rust-lang/crates-io-auth-action#205
• update tsdown to v0.21 by @​marcoieni in rust-lang/crates-io-auth-action#211
• update to node 24 by @​marcoieni in rust-lang/crates-io-auth-action#212
• update to actions core 3 by @​marcoieni in rust-lang/crates-io-auth-action#213
• Other dependencies updates

Full Changelog: rust-lang/crates-io-auth-action@v1.0.3...v1.0.4

Commits

• bbd8162 Merge pull request #213 from rust-lang/update-to-actions-core-3
• 8c12a02 update to actions core 3
• 57ca10c Merge pull request #212 from rust-lang/update-to-node-24
• 03c291b update to node 24
• 16020e9 Merge pull request #192 from rust-lang/renovate/lock-file-maintenance
• eea9b15 chore(deps): lock file maintenance
• 0beb7de Merge pull request #211 from rust-lang/update-tsdown-to-v0-21
• e143bce fix deprecation
• b1c8245 update tsdown to v0.21
• bec4b39 Merge pull request #209 from rust-lang/renovate/major-github-actions
• Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 4.0.0 to 5.0.0

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

• Update upload-artifact action to version 7 @​Tom-van-Woudenberg (#139)
• feat: add include-hidden-files input @​jonchurch (#137)

See details of all code changes since previous release.

Commits

• fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
• fe9d4b7 Merge branch 'main' into patch-1
• 0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
• 57f0e84 Update action.yml
• 4a90348 v7 --> hash
• 56f665a Update upload-artifact action to version 7
• f7615f5 Add include-hidden-files input
• See full diff in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

• Update Node.js version to 24.x @​salmanmkc (#404)
• Add workflow file for publishing releases to immutable action package @​Jcambass (#374)
• Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @​dependabot (#360)
• Make the rebuild dist workflow work nicer with Dependabot @​yoannchaudet (#361)
• Bump the non-breaking-changes group across 1 directory with 3 updates @​dependabot (#358)
• Delete repeated sentence @​garethsb (#359)
• Update README.md @​tsusdere (#348)
• Bump the non-breaking-changes group with 4 updates @​dependabot (#341)
• Remove error message for file permissions @​TooManyBees (#340)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

• cd2ce8f Merge pull request #404 from salmanmkc/node24
• bbe2a95 Update Node.js version to 24.x
• 854d7aa Merge pull request #374 from actions/Jcambass-patch-1
• 306bb81 Add workflow file for publishing releases to immutable action package
• b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
• 7273294 Bump braces in the npm_and_yarn group across 1 directory
• 963791f Merge pull request #361 from actions/dependabot-friendly
• 51bb29d Make the rebuild dist workflow safer for Dependabot
• 89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
• Additional commits viewable in compare view

Updates PyO3/maturin-action from 1.50.1 to 1.51.0

Release notes

Sourced from PyO3/maturin-action's releases.

v1.51.0

What's Changed

• Initial Android build support by @​messense in PyO3/maturin-action#426
• Support native riscv64 builds on manylinux 2_39 by @​weiji14 in PyO3/maturin-action#429

New Contributors

• @​weiji14 made their first contribution in PyO3/maturin-action#429

Full Changelog: PyO3/maturin-action@v1.50.1...v1.51.0

Commits

• e83996d Bump version to 1.51.0
• 36eb3d0 Update versions-manifest.json (#435)
• bd90123 Update versions-manifest.json (#434)
• ef46725 Bump brace-expansion (#433)
• 72c5fe1 Bump actions/setup-node from 6.2.0 to 6.3.0 (#432)
• 9450741 Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#430)
• d8dc7d4 Bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#431)
• 0bca1d2 Bump picomatch from 4.0.3 to 4.0.4 (#428)
• 3f475a4 Support native riscv64 builds on manylinux 2_39 (#429)
• 5f46978 Bump flatted from 3.3.3 to 3.4.2 (#427)
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• cef2210 Merge pull request #397 from whitequark/patch-1
• b4595e2 Enable verbose and print-hash by default.
• e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
• 7495c38 docs: fix typos and grammar in README and SECURITY
• 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
• 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
• b5a6e8b deps: bump sigstore and pypi-attestations
• a48a03e remove another experimental mention
• 8087a88 action: remove a lingering mention of PEP 740 being experimental
• 3317ede 🧪 Integrate actionlint via pre-commit framework
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions